General
Target: Documenti di spedizione 0000876666000.bat
Size: 743KB
Sample: 240917-mgk2ksxhkc
MD5: 7c558f240d951c19ae299c88ca87c458
SHA1: 25b8293ef1cff55fa4688d3cedeaada888eea471
SHA256: 85c28df1f833c2212643df5ff0601cb4a203c113065d79fa2be73c150fe5678c
SHA512: b460cfed71e8ecfb5e75476e014e387bfa38240ab3fd571d914513666c2dec58783d83a40aa51540ca92300227ddd5d3356259cef3d9d9625bcdee95a6961977
SSDEEP: 12288:nXJaAf3gv3zDtlZcqY18aAV0uyBXGuhteUX3whlQj27xpbcbXDKzJ:5aO3gvjs8JV0uyBeUXFOvbcPKF
Static task: static1
Behavioral task: behavioral1
Sample: Documenti di spedizione 0000876666000.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: Documenti di spedizione 0000876666000.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.concaribe.com
Port: 21
Username: [email protected]
Password: ro}UWgz#!38E
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of the web browser credential store.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext